07/10/2014

Integrated Payments + EMV = A Fully Robust Competitive Software Solution

As you may be aware, October 2015 marks a significant date in the world of payments. In the next step to further incentivize EMV adoption in the U.S., major card brands will officially shift liability for fraudulent EMV card-present transactions to favor merchants using EMV-enabled devices. To get ahead of this shift, ISVs should act now to ensure their applications are EMV-ready. There are various methods to incorporate EMV into software applications, some simple and some greatly complex.

Traditional EMV certification is lengthy, complicated, and costly, as the software provider has to complete a direct EMV certification to each hardware manufacturer and processor they wish to support in their application. It is time-consuming to certify to multiple U.S. processors and hardware manufacturers, and the EMV transaction protocol itself adds another layer of complexity for the ISV.

An alternative approach is to look for a solution that removes the complexity of traditional payments integration as a whole while offering a fast track to U.S. EMV enablement. A simple integration should offer ISVs a one-time “future proof” certification that enables a wide range of POS hardware devices, supports all transaction protocols (such as EMV), and connects to all authorization platforms. With a “future proof” integration, any newly supported devices, transaction protocols, and authorization platforms automatically become available to the software provider and their customers, and best of all there is no additional development work.

The choice is yours; EMV is coming, are you ready?

06/16/2014

Payment Industry Acronym Refresh

The payments industry is full of abbreviations and acronyms.  Let’s take a look at the 5 most common ones we use and their definitions.

  1. PCI DSS stands for Payment Card Industry Data Security Standard – A set of security requirements for all businesses that handle payment cards, including merchants and software developers of applications that handle payment card data. 
  2. P2PE is the acronym for point-to-point encryption.  P2PE ensures sensitive cardholder data is protected from first card swipe or key-entry, while in transit, all the way to the payment processor.  Encryption renders the credit card data unreadable and valueless should it be intercepted during the transaction life cycle.
  3. POE, known as Point-of-Entry, is the initial instance when cardholder data enters the point of sale through a payment device by swiping or manually keying a payment card.
  4. CDE stands for cardholder data environment.  A merchant’s CDE is made up of all of the components used to process, store, or transmit cardholder data.  
  5. EMV stands for Europay, MasterCard, and Visa.  Named for the organizations that originally backed the initial development, EMV is the transaction protocol that uses microchips on payment cards to authenticate the card vs. traditional magstripe data.

05/08/2014

Is There A Target on Your Back for Cybercriminals to Attack?

Payment card data remains one of the easiest types of data to convert to cash, and therefore the preferred choice of criminals. In fact, 74% of attacks on retail, accommodation, and food services companies target payment card information [1].

Fortunately, there are many payment card security technologies that are readily available to businesses of all sizes in all industries to help minimize the risk of handling cardholder data.  A simple and secure technology that is easily implemented at the point-of-sale (POS) is Point-to-Point Encryption (P2PE). 

P2PE is the process of converting sensitive cardholder data into an unintelligible form using a specific cryptographic key. This technology is built into POS devices to securely transmit cardholder data from the device through the software application to the payment processor.  The encrypted cardholder data being transmitted is NOT equivalent to the original cardholder data in any way. Even if the data were to be intercepted, it would be useless to data thieves.

P2PE has many benefits to businesses and their customers. 

  • P2PE can drastically reduce a merchant’s PCI scope since cardholder data does not enter the merchant’s POS application
  • P2PE minimizes the risk of handling cardholder data
  • P2PE reduces the cost and difficulty of implementing and maintaining PCI controls
  • Customers know their cardholder data is securely protected, building consumer confidence  
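To check the first point in practice, the added example below (not part of the original post) scans messages captured from a POS application for cleartext card numbers and Track 2 magstripe data; with P2PE working, it should find none. The field names and sample messages are constructed for illustration, and 4111 1111 1111 1111 is a widely used test card number.

```python
import re

# PAN candidates: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Magstripe Track 2 layout: ;PAN=YYMM<service code and discretionary data>?
TRACK2_RE = re.compile(r";(\d{13,19})=\d{4}[^?]*\?")

def luhn_ok(digits):
    """Luhn checksum; filters out most random digit runs (order ids, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan):
    """Keep the first six and last four digits so a finding never holds a full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan_message(text):
    """Return (kind, masked PAN) for each cleartext card number seen in text."""
    findings = [("track2", mask(m.group(1))) for m in TRACK2_RE.finditer(text)]
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("pan", mask(digits)))
    return findings

# Constructed sample messages as a POS application might receive or log them.
SAMPLE_MESSAGES = [
    # P2PE device: the application only ever sees ciphertext.
    '{"device":"pinpad-01","enc_data":"A1F4C29B7E03D5886F1ACB42","amount":"12.50"}',
    # Unencrypted reader: raw Track 2 data reaches the application.
    '{"device":"msr-02","track2":";4111111111111111=2512101000?","amount":"8.00"}',
    # Manually keyed card number written to a log line.
    "manual entry card=4111 1111 1111 1111 exp=12/25",
    # 16-digit order id that fails the Luhn check, so it is not reported.
    "order_id=1234567890123456 status=paid",
]

def audit(messages):
    """Map message index -> findings, for messages that expose card data."""
    return {i: f for i, m in enumerate(messages) if (f := scan_message(m))}

if __name__ == "__main__":
    for idx, found in audit(SAMPLE_MESSAGES).items():
        print(idx, found)
```

Any non-empty result means cardholder data is reaching the POS application, which keeps that application inside the merchant's CDE.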

You wouldn’t wait for a break-in to protect your home, so don’t wait for a breach to protect your payments. Get started today.

[1] 2014 Data Breach Investigations Report (DBIR), Verizon Business, February 2014
